Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: Storing passwords

Re: Storing passwords

From: Arjan van Bentem <avbentem_at_DONT-YOU-DAREdds.nl>
Date: Thu, 3 Dec 1998 23:28:06 +0100
Message-ID: <7473c4$mk8$1@newton.a2000.nl> 





Chuck Hamilton wrote


>Is there a way to store passwords in an Oracle7


>table so that they're encrypted?





I wonder if you really need to be able to decrypt the passwords? If
this is only used to verify a password that a user enters, then
encrypting the supplied password and compare it to the encrypted
(stored) password would be better. When you can decrypt the password,
then anyone having access to the database can decrypt them...



Oracle does provide database encryption / decryption (for example
dbencryp in Oracle Lite), but a simple encryption for only a few data
elements could be achieved with something like:



    x := dbms_utility.get_hash_value(pUsr||pPwd, 0, 999999999);



Note that the numeric result can not be decrypted (as more than one
pUsr || pPwd combination could result in the same has value), but that
it is not a strong encryption either. If chances are equal, I'd say
the chance to get the same encrypted password would be 3 to
1,000,000,000 if you allow three attempts...



Arjan.


Received on Thu Dec 03 1998 - 16:28:06 CST












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US